On Sun, Dec 06 2009, Clint Adams wrote:
> On Sun, Dec 06, 2009 at 08:09:18PM +0100, Frans Pop wrote:
>> Hmmm. is_selinux_enabled() in src/enabled.c has the following code which is
>> executed if selinux_mnt is NULL:
>>     /* Drop back to detecting it the long way. */
>>     fp = fopen("/proc/filesystems", "r");
>>     if (!fp)
>>         return -1;
>>
>> So, is_selinux_enabled() returns -1 here, which makes the test in sed true:
>> ./sed-4.2.1/sed/execute.c:748: if (is_selinux_enabled ())
>
> If -1 is a valid response, the is_selinux_enabled man page should be
> corrected.

It is not a valid response, it is an error response. As the man
page says, is_selinux_enabled returns 1 if SELinux is running or 0 if
it is not. Anything else is undefined; you certainly should not assume
that SELinux is running unless the return value is 1.

>> Should sed maybe explicitly test for a value of 1 (or > 0) instead?
>
> Is -1 meant to be an "I don't know" response?

It is meant to be an error value. Since you can't take
corrective action, just ignore it and go on.

manoj
--
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety." -- Benjamin Franklin, 1759
Manoj Srivastava <[email protected]> <http://www.golden-gryphon.com/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
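
The return-value handling discussed in this thread, as an added example that is not part of the original message and is not libselinux or sed code. `scan_filesystems`, `probe_path`, `probe_sample`, `enabled_truthy` and `enabled_strict` are hypothetical names, the "selinuxfs" marker is an assumption, and the path and file contents are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for the quoted fallback (not libselinux code):
 * -1 if the file could not be opened, 1 if a line mentions "selinuxfs"
 * (assumed marker), 0 otherwise. Closes fp. */
static int scan_filesystems(FILE *fp)
{
    char line[256];
    int found = 0;

    if (!fp)
        return -1;
    while (fgets(line, sizeof line, fp))
        if (strstr(line, "selinuxfs"))
            found = 1;
    fclose(fp);
    return found;
}

static int probe_path(const char *path)
{
    return scan_filesystems(fopen(path, "r"));
}

/* Probe constructed sample content through a temporary file. */
static int probe_sample(const char *content)
{
    FILE *fp = tmpfile();

    if (!fp)
        return -2;              /* test setup failed, distinct from -1 */
    fputs(content, fp);
    rewind(fp);
    return scan_filesystems(fp);
}

/* Pattern quoted from sed: any non-zero value, -1 included, means "on". */
static int enabled_truthy(int rc) { return rc != 0; }

/* Check proposed in the thread: only a positive result means "on". */
static int enabled_strict(int rc) { return rc > 0; }

int main(void)
{
    int rc = probe_path("/nonexistent/proc/filesystems"); /* constructed path */

    printf("rc=%d truthy=%d strict=%d\n", rc, enabled_truthy(rc), enabled_strict(rc));
    rc = probe_sample("nodev\tproc\nnodev\tselinuxfs\n\text4\n");
    printf("rc=%d truthy=%d strict=%d\n", rc, enabled_truthy(rc), enabled_strict(rc));
    return 0;
}
```

When the file cannot be opened, the truthy check takes the SELinux code path while the strict check skips it.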